Bug#754193: linux-image-3.2.0-4-amd64: reboot(2) called from a PID namespace shuts down a host

2021-04-25 Thread Salvatore Bonaccorso
Hi,

On Tue, Jul 08, 2014 at 05:30:48PM +0100, Ben Hutchings wrote:
> On Tue, 2014-07-08 at 16:33 +0200, Łukasz Stelmach wrote:
> > Package: src:linux
> > Version: 3.2.60-1+deb7u1
> > Severity: normal
> > 
> > Dear Maintainer,
> > 
> > tl;dr: init in a container (PID namespace) can call reboot(2) and
> > shutdown the host machine.
> 
> Yes, and you need real user namespaces (as introduced in Linux 3.7) to
> prevent this.
> 
> > Please refer to [1] for a detailed description of symptoms.
> > 
> > After some investigation and thanks to help received from systemd
> > developers I can tell the problems can be solved by applying [2] to the
> > kernel. The patch is relatively old, it has been released only three
> > months after 3.2.0 so I hope applying it wouldn't be a problem.
> [...]
> 
> This change seems to make containers work better, but it does not
> improve security.  I'm not sure whether this is sufficient justification
> for a stable update.  Please can you ask the stable release team
> (debian-rele...@lists.debian.org) to consider this.

I'm still inclined to close this bug now, would you agree?

Regards,
Salvatore




2014-07-09 Thread Łukasz Stelmach
It was 2014-07-08 Tue 18:30, when Ben Hutchings wrote:
> On Tue, 2014-07-08 at 16:33 +0200, Łukasz Stelmach wrote:
> > Package: src:linux
> > Version: 3.2.60-1+deb7u1
> > Severity: normal
> >
> > Dear Maintainer,
> >
> > tl;dr: init in a container (PID namespace) can call reboot(2) and
> > shutdown the host machine.
>
> Yes, and you need real user namespaces (as introduced in Linux 3.7) to
> prevent this.

It does not *seem* to be so on 3.14-0.bpo.1-amd64:

--8<---------------cut here---------------start------------->8---
# ls -l /proc/1/ns
total 0
lrwxrwxrwx 1 root root 0 Jul  9 10:39 ipc -> ipc:[4026531839]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 mnt -> mnt:[4026531840]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 net -> net:[4026531968]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 pid -> pid:[4026531836]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 uts -> uts:[4026531838]
# ls -l /proc/2572/ns/
total 0
lrwxrwxrwx 1 root root 0 Jul  9 10:34 ipc -> ipc:[4026532358]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 mnt -> mnt:[4026532356]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 net -> net:[4026531968]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 pid -> pid:[4026532359]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 uts -> uts:[4026532357]
--8<---------------cut here---------------end--------------->8---

PID 2572 is a contained systemd and it works in the same user (and net)
namespace as PID 1.

> > Please refer to [1] for a detailed description of symptoms.
> >
> > After some investigation and thanks to help received from systemd
> > developers I can tell the problems can be solved by applying [2] to the
> > kernel. The patch is relatively old, it has been released only three
> > months after 3.2.0 so I hope applying it wouldn't be a problem.
> [...]
>
> This change seems to make containers work better, but it does not
> improve security.  I'm not sure whether this is sufficient justification
> for a stable update.  Please can you ask the stable release team
> (debian-rele...@lists.debian.org) to consider this.

Sent.

-- 
Łukasz Stelmach
Samsung RD Institute Poland
Samsung Electronics
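
Added example (not part of the original thread, and not code from any of its participants): the namespace comparison made by hand in the message above, done programmatically. The two listings are reconstructed from that message as constructed sample input; the function names are hypothetical.

```python
import os
import re

# Constructed sample input: the two `ls -l /proc/<pid>/ns` listings from the
# message above (PID 1 on the host, PID 2572 the contained systemd).
HOST_LS = """\
lrwxrwxrwx 1 root root 0 Jul  9 10:39 ipc -> ipc:[4026531839]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 mnt -> mnt:[4026531840]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 net -> net:[4026531968]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 pid -> pid:[4026531836]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jul  9 10:39 uts -> uts:[4026531838]
"""
CONTAINER_LS = """\
lrwxrwxrwx 1 root root 0 Jul  9 10:34 ipc -> ipc:[4026532358]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 mnt -> mnt:[4026532356]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 net -> net:[4026531968]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 pid -> pid:[4026532359]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 user -> user:[4026531837]
lrwxrwxrwx 1 root root 0 Jul  9 10:34 uts -> uts:[4026532357]
"""

NS_LINK = re.compile(r"(\w+) -> \w+:\[(\d+)\]\s*$")

def parse_ns_listing(text):
    """Map link name -> namespace inode from `ls -l /proc/<pid>/ns` output."""
    return {m.group(1): int(m.group(2))
            for m in map(NS_LINK.search, text.splitlines()) if m}

def read_ns(pid):
    """Same mapping read live from /proc (needs permission to read the links)."""
    base = f"/proc/{pid}/ns"
    found = {}
    for name in os.listdir(base):
        m = re.fullmatch(r"\w+:\[(\d+)\]", os.readlink(os.path.join(base, name)))
        if m:
            found[name] = int(m.group(1))
    return found

def shared_with_host(host, proc):
    """Namespace names whose inode is identical in both mappings."""
    return sorted(ns for ns, ino in proc.items() if host.get(ns) == ino)

if __name__ == "__main__":
    host, ctr = parse_ns_listing(HOST_LS), parse_ns_listing(CONTAINER_LS)
    shared = shared_with_host(host, ctr)
    print("shared with PID 1:", shared)
    print("private:", sorted(set(ctr) - set(shared)))
```

On a live system, `shared_with_host(read_ns(1), read_ns(pid))` performs the same check for a running process.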





2014-07-08 Thread Łukasz Stelmach
Package: src:linux
Version: 3.2.60-1+deb7u1
Severity: normal

Dear Maintainer,

tl;dr: init in a container (PID namespace) can call reboot(2) and
shutdown the host machine.

Please refer to [1] for a detailed description of symptoms.

After some investigation and thanks to help received from systemd
developers I can tell the problems can be solved by applying [2] to the
kernel. The patch is relatively old, it has been released only three
months after 3.2.0 so I hope applying it wouldn't be a problem.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754184
[2] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf3f8921

-- Package-specific info:
** Version:
Linux version 3.2.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 4.6.3 
(Debian 4.6.3-14) ) #1 SMP Debian 3.2.60-1+deb7u1

** Command line:
initrd=/boot/initrd.img-3.2.0-4-amd64 
root=UUID=f52fdabb-9a8b-4a87-b89e-dbb3aecbcb8b ro init=/lib/systemd/systemd 
BOOT_IMAGE=/boot/vmlinuz-3.2.0-4-amd64 

** Not tainted

** Kernel log:


2014-07-08 Thread Ben Hutchings
On Tue, 2014-07-08 at 16:33 +0200, Łukasz Stelmach wrote:
> Package: src:linux
> Version: 3.2.60-1+deb7u1
> Severity: normal
>
> Dear Maintainer,
>
> tl;dr: init in a container (PID namespace) can call reboot(2) and
> shutdown the host machine.

Yes, and you need real user namespaces (as introduced in Linux 3.7) to
prevent this.

> Please refer to [1] for a detailed description of symptoms.
>
> After some investigation and thanks to help received from systemd
> developers I can tell the problems can be solved by applying [2] to the
> kernel. The patch is relatively old, it has been released only three
> months after 3.2.0 so I hope applying it wouldn't be a problem.
[...]

This change seems to make containers work better, but it does not
improve security.  I'm not sure whether this is sufficient justification
for a stable update.  Please can you ask the stable release team
(debian-rele...@lists.debian.org) to consider this.

Ben.

-- 
Ben Hutchings
Any smoothly functioning technology is indistinguishable from a rigged demo.

